8 ArcGIS Server: Role considerations
How much control do I have on my ArcGIS Server site?
- Managed by me, within my Dept? or
- Managed by my organization's IT Dept
May affect where you define your roles
(Diagram labels: or LDAP; Built-in identity store; Enterprise identity store)

19 Securing GIS Web Services
Set permissions for roles on folders and services
- Administrators/Publishers grant permissions
All new services are public by default
- Anonymous access
Can specify whether folders require HTTPS
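Because new services start out public, it is worth auditing which services anonymous users can still reach. The sketch below is an added example, not part of the original slides or Esri's code. It assumes permission records shaped like `{"principal": ..., "permission": {"isAllowed": ...}}`, with `esriEveryone` as the anonymous principal, and uses a simplified inheritance rule (a service with no grants of its own takes its folder's); the site data is constructed.

```python
import json

# Assumption: anonymous/public access is represented by this principal name.
PUBLIC_PRINCIPAL = "esriEveryone"

# Constructed sample (not from a real site). "/" is the root folder;
# service keys are "Folder/Name.Type", or "Name.Type" for the root folder.
SAMPLE_SITE = json.loads("""
{
  "folders": {
    "/": [{"principal": "esriEveryone", "permission": {"isAllowed": true}}],
    "Utilities": [{"principal": "gis_editors", "permission": {"isAllowed": true}}]
  },
  "services": {
    "Basemap.MapServer": [],
    "Parcels.MapServer": [{"principal": "assessors", "permission": {"isAllowed": true}}],
    "Utilities/Valves.FeatureServer": [],
    "Utilities/Outages.MapServer": [{"principal": "esriEveryone", "permission": {"isAllowed": true}}]
  }
}
""")

def allowed(records):
    """Principals whose record grants access (isAllowed is true)."""
    return {r["principal"] for r in records
            if r.get("permission", {}).get("isAllowed")}

def effective_principals(site, service_path):
    """Service grants if any exist, otherwise the containing folder's grants."""
    folder = service_path.rpartition("/")[0] or "/"
    own = allowed(site["services"][service_path])
    return own or allowed(site["folders"].get(folder, []))

def audit_public_services(site):
    """Sorted (service, source) pairs that anonymous users can reach."""
    findings = []
    for path in sorted(site["services"]):
        if PUBLIC_PRINCIPAL in effective_principals(site, path):
            own = allowed(site["services"][path])
            source = "explicit" if PUBLIC_PRINCIPAL in own else "inherited"
            findings.append((path, source))
    return findings

if __name__ == "__main__":
    for path, source in audit_public_services(SAMPLE_SITE):
        print(f"PUBLIC ({source}): {path}")
```

Services reported as "inherited" are the ones most easily missed, since nothing on the service itself shows the anonymous grant.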

20 Demo: ArcGIS Server Manager
- Show securing a web service
- Show accessing a secured web service

21 Encryption and HTTPS
Securing communication protocols

22 Should you be using HTTPS?
Hypertext Transfer Protocol Secure (HTTPS)
HTTPS: a protocol for secure communication
Yes!
To enable, you need to update the security configuration within the ArcGIS Server Administrator Directory
- Select HTTP And HTTPS or HTTPS Only
HTTPS requires a security certificate, which contains
- Key information, owner identity, and the digital signature of an entity that has verified the certificate's contents are correct

23 Security Certificates
Enabling HTTPS in ArcGIS Server generates a self-signed certificate for every machine in the site
- Used to communicate with the ArcGIS Web Adaptor over port 6443
For production site, the ArcGIS Web Adaptor should use a certificate signed by a domain or well-known Certificate Authority (CA)
Web clients use the certificate to trust content from ArcGIS Server
(Figure labels: "Want to avoid:"; "Certificate signed by domain or well-known CA")

24 How do you set up a Security Certificate?
1. Generate a Certificate Signing Request (CSR)
2. Send CSR for signing
   - By a domain or well-known Certificate Authority
3. Import signed certificate

30 What does it mean to be Secured?
Portal Item: what access means
- Web Map: Can know the URLs for the layers in the map; layers are secured independently
- Packages: Can download the package
- Data: Can download the data
- Application: Allows opening of app* (except referenced external app)
ArcGIS Server: what access means
- Any service: Can perform any operation that is enabled

31 How is Security Set?
Portal for ArcGIS (Portal Items: Web map, Data, Web app)
- Permissions set by item owner
- Can be changed by administrators
ArcGIS Server (Web Services)
- Permissions can be set by any publisher/administrator

33 How to Choose Identity Store for Portal for ArcGIS
- If the org has an Identity provider: SAML
- If the users are mostly or all internal: Windows Active Directory or LDAP
- If the users are mostly external: Built-in

34 Groups and Roles
A collection of users is called
- Group in Portal for ArcGIS
- Role in ArcGIS Server
In Portal, you define the Group
- If you use enterprise identity store, can leverage enterprise groups
In Server, Role defined with built-in roles or from enterprise identity store

41 Portal Server Federation
Allows a single sign-on (SSO) experience between Portal and Server
Permissions are all managed in Portal
ArcGIS Server site must be HTTPS enabled
(Diagram labels: Portal for ArcGIS; Identity store; ArcGIS Server)
When to use:
- Desire for SSO user experience
When NOT to use:
- When Portal/Server are in different physical locations
- Portal and Server are different releases

42 Demo: Portal for ArcGIS
- Show federating an ArcGIS Server site with Portal

43 Portal for ArcGIS and HTTPS
The ArcGIS Web Adaptor is the primary access point for Portal
- For production site, use a signed certificate from a domain or well-known Certificate Authority (CA)
By default, Portal for ArcGIS encrypts communication between itself and the ArcGIS Web Adaptor on port 7443 via HTTPS
Portal maintains a list of trusted CA Certs used when accessing external services over HTTPS
- Needs to be updated if Portal is accessing internal services via HTTPS
- Configuring the portal to trust certificates from your certifying authority

44 Other Security Options in Portal for ArcGIS
At 10.3, several enhancements were added
1. Support for enterprise groups when Portal uses an enterprise identity store
   - Windows Active Directory or LDAP
2. Support for SAML authentication

45 10.3 Support for Enterprise Groups
Enabled when Portal is configured with Windows Active Directory or LDAP
